WordPress.org

Ready to get started?Download WordPress

Forums

Stop Spammers
[resolved] a couple of issues and questions (6 posts)

  1. Ovidiu
    Member
    Posted 1 year ago #

    hey,

    just to let you know, I keep getting 500 server errors on your blog: http://screencast.com/t/XCB408gcx1Z so I commented here instead of on your blog.

    On a blog (with multisite enabled) that runs your plugin version 4.0 I jsut saw the following stats:

    Stop Spammers has stopped 15521 spammers since 2012/11/09.
    Cached Bad IP 15171

    This smelled weird, as that is way more spam than I ever got so I checked the history and for whatever reason my own server's IP was blacklisted?

    date/time email IP author, user/pwd script reason blog
    2012/12/11 16:35:58 -- 85.214.229.212 -- /wp-cron.php?doing_wp_cron=1355236558.1089560985565185546875 Cached bad ip

    I have cleared the cache and added the server's IP to the white list. Any idea why it would block my "wp cron" job?

    http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/

  2. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    WP cron jobs are not truly cron. They are kicked off when a user touches your site. If a spammer visits your site it can start the cron going, but it would also require that the cron job be using a POST that has an email, name or author field in it.

    If a cron job fails to complete, the next time a user hits, it will restart so I don't think there is an issue.

    The black list is another issue. You are behind a proxy server, I think, and the proxy server started using an IP with a bad ip. If you white list it, it should work better. I changed the way the ip address is determined. Every check now looks for the proxy server headers and tries to determine the real IP.

    wp-cron used to be full of bugs and was vulnerable to hacks. I don't know if these have been fixed, but spammers may try to pound on wp-cron trying to hack your system.

    Let me know if there is a problem with white list. I made a last minute change to the white list functions and now I am worried.

    Blogseye is using wordpress beta bleeding edge nightlies and has a whole bunch of plugins that I am testing. It is a wonder it is up at all. It is up now.

    Keith

  3. Ovidiu
    Member
    Posted 1 year ago #

    Thanks Graham, let me ask a few other questions to fully understand your reply:

    - I do understand how wp cron stuff works, more or less :-)
    - what do you mean by this:

    You are behind a proxy server, I think, and the proxy server started using an IP with a bad ip.
    Who is "YOU"? The IP that was blacklisted is the server's IP. the site in question is zice.ro which is hosted on the very same IP. So whatever happens, this plugin should never block the IP it is hosted on, right?

  4. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    "never block the IP it is hosted on".

    I don't see how the request can come through unless the user is using the keyboard on the computer where WP is running. Even then, the user would be going through local host.

    If the proxy server was running on the host, and did not support headers to show the original IP then I can see it, but this has to be a rare case.

    I will add code to prevent the server from blacklisting itself, but I am not sure how this occurs in real life.

    I will update the beta version. It will be available in an hour or so.

    Keith

  5. kpgraham
    Member
    Plugin Author

    Posted 1 year ago #

    The 4.2 beta is now up. Fixed the ip=self issue and one of the network issues with the new log.

    That was quick.

    Keith

  6. Ovidiu
    Member
    Posted 1 year ago #

    hm, will check the beta.

    "never block the IP it is hosted on".

    I don't see how the request can come through

    I have no idea myself, but I can guarantee you that this is a real server, hosted in a professional environment and that I am the only one with root access and that I have not connected to it then browsed the site from the server :-)

    I suspected cloudflare, but if something goes wrong there, it would block cloudflare's IP range and not the server's..

    I'll close this issue for now and will report back if anything else occurs :-)

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.